Slashdot Mirror


Linux 2.4.24 Release Fixes Root Vulnerability

diegocgteleline.es writes "Linux Kernel 2.4.24 has been released and is available on kernel.org. It seems there's a bug in the mremap(2) system call, where a local user can get root privileges.The new version has been released only with the most important bugs fixed - the rest of the changes have been postponed (those changes include the XFS filesystem)."

10 of 436 comments (clear)

  1. Re:Linux has uptimes of 2 weeks by Anonymous Coward · · Score: -1, Flamebait

    ...and without services enabled.

  2. Hah! by Anonymous Coward · · Score: -1, Flamebait

    Suck it, M$! Linux, when you patch it and keep it up to date is FAR more secure than a Windows machine that hasn't been patched for months! That's right! Feel the power of OPEN SOURCE! (TM)(C)

  3. Re:2.4.x? by Anonymous Coward · · Score: -1, Flamebait

    u sir, r n 1d10t

  4. Re:Mod parent back up please by Anonymous Coward · · Score: -1, Flamebait

    Eh, it's probably modded "Flamebait" because some slanty-eyed yellowhands with mod points saw the comment about 'slope' and got offended.

  5. In Linux... by Anonymous Coward · · Score: -1, Flamebait

    you have to spend 4 hours recompiling your kernel for stuff like this.

    In Windows, you just install a small binary patch that takes less than a minute.

  6. Re:Quick! by Xpilot · · Score: 1, Flamebait

    Use Depenguinator on all the unpatched boxen! Let the revolution begin! >:)

    Ugh, a BSD troll. How come these guys are tolerated?

    --
    "Backups are for wimps. Real men upload their data to an FTP site and have everyone else mirror it." -- Linus Torvalds
  7. Re:Can't Wait! by slittle · · Score: -1, Flamebait
    Is this just more proof that Linux was built by amateurs? Or wait - I know - that Linux can't be trusted because the source code is open.

    It's proof that Linux isn't the second coming, and that ABM weenies should get the fuck off their high horse and STFU once in a while. Most of my machines run Linux, but jesus christ, get over it already.

    The numerous security holes in MS products are a result of bad design, not merely a mistake or two.

    Care to elaborate on this alleged "bad design"?
    --
    Opportunity knocks. Karma hunts you down.
  8. Re:Article title misleading... by verbatim_verbose · · Score: 0, Flamebait

    Yeah, so all 7 people still running the 2.2 series better get on the ball!

  9. Re:Mod parent back up please by Anonymous Coward · · Score: -1, Flamebait

    Well said! I've been doing some research and considering upgrading my production Linux servers to BSD. I don't find Linux to be stable enough and too much bloat for my likings.

    I'm also tired of the patches that patch the patches, which also need patches to patch those other patches. Putting bandaids on Linux daily is getting to be quite annoying so I think i'll be switching to *BSD.

    I'm not sure which one yet, but from what I've been seeing, they all beat Linux so it's a hard decision but much easier than choosing from over 288 fragmented and non-standard linux distro's, last I checked 2 years ago.

    I'm also tired of all these "remote" exploits in Linux (the kernel itself, not to mention the distro i've been using).

    And for some distro's to almost require KDE or Gnome on a "server" is absoloutly stupid!

    22 Linux servers to upgrade to *BSD. I figure with *BSD's robustness I'll be able to drop that down to about 2 servers from 22.

  10. we got r00t, d00d!!! by t0ny · · Score: 0, Flamebait
    Wow, another Linux kernel root exploit. Its nice to see the crown jewel of the OSS community really shine.

    Whats that everyone says about having so many eyes on the code? Looks like they may need to add a few more eyes.

    --

    Manipulate the moderator system! Mod someone as "overrated" today.